Recently, many Grenfell residents have received, and fallen victim to, emails containing malicious Word documents claiming to be invoices. The documents ask the recipient to enable macros to view the ‘invoice’, but enabling macros instead allows malicious code to run on the computer, and the recipient inadvertently installs ransomware called ‘Locky’. Macros in Microsoft Office software allow advanced functions that the majority of users do not need. This is the reason that macros are blocked as a default setting.
Locky encrypts your data, rendering it unreadable until you purchase a key from the cybercriminal. The unlock key often costs around $500, which is how cybercriminals stay in business. I do not recommend purchasing the unlock key, as 1) there is no guarantee the cybercriminal will ever provide it even though you have paid for it and 2) people who keep buying unlock keys are supporting the criminals' business model. Once your files are encrypted, there is no way anyone other than the cybercriminal can unlock them. For these reasons, the best way to stay safe online is to always be vigilant and be wary of opening any attachment when you are not 100% sure of the source.
Another ransomware that has appeared in recent weeks is KeRanger. This ransomware is designed to infect Mac users. The infection rate is very low, as the user had to install a particular version of ‘Transmission’ – a program used for downloading large files – which cybercriminals had modified to contain malicious code. The malicious code has since been removed, and users who require Transmission can download it safely again.
Scammers use social engineering tactics to spread their scams. They rely on users' natural curiosity, tricking people into opening malicious files. When a file claims to be an invoice, people become curious, wondering what bill they need to pay. This distraction lowers their guard towards online security procedures, allowing infection of their computer. Many different file types can contain malicious code, or can be used to exploit security vulnerabilities in software, allowing the attacker access to your computer. Harmless-looking files such as doc, pdf or even jpeg files can all be injected with malicious code.
The best way to recover from ransomware is restoring from a backup. I recommend having a separate backup stored away from your computer. You may choose to only update this backup weekly for convenience's sake. This isolation prevents your backup from ever becoming encrypted if you were to be infected by ransomware. It will also mean you won’t have an absolutely up-to-date backup, but this is preferable to losing every file in its entirety.
If you have any queries about backups or ransomware, or any other tech-related questions, please feel free to contact us.